MSFpayload

Exploit Development : Payloads

The MSFpayload Command Line Interface

Note: As of 2015-06-08 msfpayload has been removed
msfpayload is a command line instance of Metasploit that is used to generate and output all of the various types of shellcode that are available in Metasploit. The most common use of this tool is for the generation of shellcode for an exploit that is not currently in the Metasploit Framework or for testing different types of shellcode and options before finalizing an Exploit Module.

This tool has many different options and variables available to it, but they may not all be fully realized given the limited output in the help banner.

Once you have selected a payload, there are two switches that are used most often when crafting the payload for the exploit you are creating. In the example below we have selected a simple Windows bind shell. When we add the command-line argument “O” with that payload, we get all of the available configurable options for that payload.

Much like the ‘generate‘ command (discussed earlier) inside the Metasploit console, payload options are defined using the “VAR=VAL” format. Now we have our fully customized shellcode to be used in any exploit!